Research On Network Security Situation Awareness Based On Deep Learning

In recent years,with the continuous updating and iteration of Internet technology,various applications are emerging in an endless stream,which has brought earth-shaking changes to people's daily lives.However,at the same time,the problem of network security is becoming increasingly prominent,reminding people to attach great importance to the problem of network security all the time.Traditional network security technologies,such as firewall,network monitoring technology and virus killing,are all passive defensive technologies against network attacks.Network security situational awareness is an active defense technology,which can perceive the possible security threats in the network in advance,and can take corresponding intervention measures to reduce the occurrence of network system attacks as much as possible.Combined with the application advantages of deep learning in network security,this thesis focuses on situation assessment and situation prediction respectively,The main work is as follows:A network attack identification model based on CAE-DNN-FL is proposed,and a situation indicator system based on the impact factors of network attack is constructed.Because the network security data often has the characteristics of high dimension and redundancy,first using the convolutional automatic encoder(CAE)to extract the features from data and using deep neural network(DNN)to recognize the attacks;At the same time,in order to solve the problem of unbalanced distribution of network security data,Focal Loss is introduced to improve the weight of small samples(accounting for relatively few sample types)and increase the attention to difficult samples(samples that are difficult to learn the distribution characteristics of data).The model is proposed and verified on NSL-KDD Network common data sets.Experiments show that the proposed model has obtained excellent performance in network attack identification.Finally,a situation index system based on network attack impact factors is constructed.This method evaluates the current network operation status and quantifies the network attack situation in a period of time,and then realizes the network security situation assessment.A network security situation prediction method based on temporal convolutional network(TCN)is proposed.In this method,firstly,the causal convolution of TCN structure is used to make full use of the historical information of network security situation sequence,so as to avoid the defects caused by the use of cyclic neural network and the omission of historical information.In addition,the expansion convolution is introduced into TCN structure to enlarge the receptive field of convolution and solve the dependency problem of long time series.At the same time,the problems of gradient vanishing and gradient explosion can be solved by introducing residual connection into TCN structure.The experiment shows that TCN has small error and high accuracy in network security situation prediction,and is better than other classical prediction models in situation prediction.